I have several users located in India trying to connect to a VIP in Canada over an https link and experience issues connecting (local users can connect fine to this URL from Vista PC's). The same URL is accessible from India on Win2k PC's.The Vista PC and server successfully established a TCP connection and also start to exchange SSL client/server hellos. It's after this exchange of SSL hellos that I see IP fragmentation and other lost packets messages.Doing a tracert from the PC to the CSS VIP and vice-versa shows 18 hops, so wonder if I'm experiencing some sort of time-out issue, but why only for Vista?
I've attached (.bmp) the relavant lines from a wireshark capture from a Vista PC.
Pings to the users gateway from Canada to India:
H:\>ping 172.16.224.1 -t
Ping statistics for 172.16.224.1:
Packets: Sent = 270, Received = 270, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 344ms, Maximum = 365ms, Average = 345ms
Any ideas on why the communication fails after the SSL hellos on the Vista PC's?
Thank you in advance!
My personal choice would be 8.20.4.02.
There is no compatibility concern except if you want the 2 devices to be configured in box-to-box redundancy.
In this case, I would recommend to have the same version on both CSS.
CSS11503(config)# flow tcp-window-scale ? Integer value(Range: 0-14) CSS11503(config)# no flow tcp-window-scale tcp-window-scale Reset TCP window scale shift count to default (not sent) This configuration parameter related to the spoofed TCP SYN/ACK sent back to the client. If this new configuration parameter is set the CSS will insert the TCP WS option in the TCP SYN/ACK back to the client.
So, you need to set the same WS as what is configured on the server.